server {
  listen                80;
  listen                443 ssl;

  server_name           <%= @server_name %> <%= @server_aliases.join(" ") %>;
  access_log            <%= node['nginx']['log_dir'] %>/<%= @server_name %>.access.log;

  ssl_certificate_key <%= node['nginx']['ssl_key'] %>;
  ssl_certificate <%= node['nginx']['ssl_cert'] %>;

  <% if node['elkstack']['config']['kibana']['redirect'] %>
  if ( $scheme = http ){
    rewrite ^ https://<%= @server_name %>$request_uri? permanent;
  }
  <% end %>

  location / {
    proxy_pass http://localhost:<%= @kibana_port %>;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 90;

    # Password protect Kibana
    auth_basic "Restricted Access";
    auth_basic_user_file <%= node['nginx']['dir'] %>/htpassword;
  }

}
